Mix in Facebook profils !!!

Florian,
That absolutely should not be the case, for obvious security reasons. Can you tell me the following:
1) Does this happen to anyone on any computer, or just if the other person is on the same computer you were on?
2) Do you have any caching enabled (in Global Config, System - Cache plugin, or any other extensions)?
3) In the JFBLogin module, do you have the "Allow Reconnections" setting enabled?

Let us know the above, and we'll try to narrow it down. We've -never- heard of this issue, so I don't think it's a bug specifically in JFBConnect, but may be a conflict between it and your overall configuration.

Thanks,
Alex

Florian,
My guess for the issue you saw (since you were using the same computer) was that you have the "Logout Of Joomla Only" setting enabled. With that setting, if you go through the following steps, you can re-associate your Facebook account with a different Joomla user:
1) Login to site with Facebook.
2) Logout on Joomla (you'll still be logged into Facebook)
3) Log into Joomla with a normal Joomla user's credentials
4) There will be a "Facebook Reconnect" button (or something similar) in the JFBCLogin module. If clicked, it will 'connect' the Facebook user from step 1 to the Joomla user in step 3.

That expected behavior, and does happen when testing the site for some users, but it's a nice feature for other users of the site in case they accidentally create a 'new' Joomla account when registering through Facebook/JFBConnect the first time. It can happen other ways without the Logout setting above.. it's simply a matter of the sequence you manage to login and logout of Joomla and Facebook.

Hope that helps explain.. if it happens again unexpectedly, definitely let us know.

Thanks,
Alex

It definitely shouldn't happen anymore, 'randomly'. On the same computer, or during testing, it can happen without even thinking about it (you get used to logging in, out, and in again, and can get confused which account is open in Joomla and Facebook and elsewhere). In normal circumstances though, it should never happen though.

As for Invalid Tokens, that's not a JFBConnect related. A 'token' is generated whenever a user views a page with a form. That token is then verified when the form is submitted by Joomla to make sure the same user that viewed the page is the one submitting it. If it's invalid, that can mean:
1) Your tokens are expiring (you've been staring at the page for 15 minutes or so before logging in) - most likely
2) There's an issue with you database storing session data for each user - unlikely

Try to gauge when you get the token errors, and on what types of forms. If necessary, you can increase the Session timeout period in the Global Configuration area of Joomla. It defaults to 15 minutes, I think. We use 120 on this site for various reasons.

Hope that helps,
Alex

Florian,
In the JFBCLogin module, you can simply disable the "Allow Reconnections" option to prevent users from changing their mappings altogether. Its generally not a used feature, and we'd just recommend you disable it.

For the session database I mentioned, you'd need to run a check on your database tables. You can do so by running CHECK TABLE xxx_session. Also, components like Akeeba's Admin Tools have the ability to check and repair tables automatically.

Changing the session has the effect of increasing your database size slightly, since more rows (1 for each visitor on your site) will stay around longer. Additionally, if user's don't use the logout button, they will stay logged in for the full session length. If your site is frequented by users in internet cafes, keeping this smaller is better.

Finally, the 2 sites thing is extremely strange, and may be part of other issues. It sounds like you have the tmp directory in your configuration.php file(s) setup incorrectly. If that's not it, then there's some sharing between your sites going on that could be causing the reconnections above (one site writes to the wrong database) or a slew of other problems. JFBConnect wouldn't do this without something within Joomla (or JomSocial) being configured incorrectly, and that needs to be looked into.

Hope that helps,
Alex